From: Simo Sorce <simo@redhat.com>
To: Olga Kornievskaia <aglo@umich.edu>, Chuck Lever <chuck.lever@oracle.com>
Cc: linux-nfs <linux-nfs@vger.kernel.org>
Subject: Re: [PATCH RFC 0/4] Use correct NFSv4.0 callback credential
Date: Fri, 18 May 2018 15:05:07 -0400
Message-ID: <1526670307.10011.20.camel@redhat.com>
In-Reply-To: <CAN-5tyGDGOqPKXKD+LQq8Ub3CUosmaaAq=ir3Gp7R3LKABwtEQ@mail.gmail.com>

On Fri, 2018-05-18 at 14:53 -0400, Olga Kornievskaia wrote:
> Hi Chuck,
>
> I'm not convinced that "srchost=" is necessary. I believe that
> everything that is needed is supposed to be encoded in the "target="
> option.
>
> I thought target just needed to correctly identify the domain for
> which authentication is taking place. Then I think more changes should
> be in nfs-utils to make sure that we find credentials for that
> particular domain instead of going by the gethostbyname() results.

What do you mean by "domain" here? Realm or hostname?

What if the multihomed service is part of multiple realms and even
serves with multiple different hostnames?

Simo.

>
> On Fri, May 18, 2018 at 11:39 AM, Chuck Lever <chuck.lever@oracle.com> wrote:
> > I've been experimenting with this series that modifies NFSD to
> > discover and use the correct GSS service principal when constructing
> > its NFSv4.0 callback channels. I'm interested in review of this
> > approach. There are a couple of code comments marked with XXX that
> > also need some attention.
> >
> > The rpc.gssd change mentioned in 1/4 is unremarkable and will be
> > made available once there is consensus about the kernel changes
> > in this series. No gssproxy changes are necessary.
> >
> > ---
> >
> > Chuck Lever (4):
> >       sunrpc: Enable the kernel to specify the hostname part of service principals
> >       sunrpc: Extract target name into svc_cred
> >       nfsd: Use correct credential for NFSv4.0 callback with GSS
> >       nfsd: Remove callback_cred
> >
> >
> >  fs/nfsd/nfs4callback.c               |   29 ++++----------
> >  fs/nfsd/nfs4state.c                  |   17 +++-----
> >  fs/nfsd/state.h                      |    2 -
> >  include/linux/sunrpc/svcauth.h       |    3 +
> >  net/sunrpc/auth_gss/auth_gss.c       |   20 ++++++++--
> >  net/sunrpc/auth_gss/gss_rpc_upcall.c |   70 ++++++++++++++++++++++------------
> >  6 files changed, 80 insertions(+), 61 deletions(-)
> >
> > --
> > Chuck Lever
--
Simo Sorce
Sr. Principal Software Engineer
Red Hat, Inc